Apple patches vulnerability exploited by NSO Group spyware

This week, Apple patched a 0-day vulnerability dubbed ForcedEntry, which was exploited by the controversial NSO Group’s spyware. The tech giant also released updates for macOS, iOS, iPadOS and watchOS.

The exploit for this vulnerability was created by the Israeli company NSO Group, which produces “legal spyware”. Since the beginning of this year, it has been used to hack the phones of a number of activists.

The ForcedEntry issue was identified as CVE-2021-30860 and was an integer overflow bug in the CoreGraphics component that is used to draw 2D graphics. ForcedEntry allowed NSO Group clients to send malicious PDFs to victims’ devices and run arbitrary code on iOS and macOS, eventually leading to system hijacking and the installation of Pegasus spyware.

In reports published by Citizen Lab in August and this week, researchers said they found that ForcedEntry had been used against the iPhones of several activists in Bahrain and Saudi Arabia.

According to the researchers, this exploit has been used in attacks since at least February 2021, and NSO Group created it to bypass the BlastDoor security feature that Apple added to iOS 14 in the fall of 2020.

Citizen Lab experts point out that, judging by the logs of infected iPhones, there are two separate 0-click exploits for iMessage: Kismet, which targets devices running iOS 13.5.1, and ForcedEntry, which targets the latest devices running iOS 14.

In addition to ForcedEntry, Apple has fixed another dangerous problem in its products: another 0-day use-after-free vulnerability, CVE-2021-30858. This bug was discovered by an anonymous researcher and is related to the operation of the Safari browser engine (WebKit).

The issue allowed attackers to create malicious pages that could lead to command execution when visited from an iPhone or macOS device. It is reported that this vulnerability was also used to attack users, but so far there are no details about these incidents.

Let me remind you that we previously reported that Facebook sued spyware maker NSO Group over the exploitation of a WhatsApp vulnerability, and that Israeli authorities are investigating the activities of NSO Group.


Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
